France's data privacy watchdog has launched an investigation into Clubhouse, a US-based audio chat app.
The National Commission for Informatics and Liberties said it opened an investigation on March 12, after receiving complaints to verify if the application’s publisher Alpha Exploration had taken steps to comply with the EU’s General Data Protection Regulation (GDPR).
The regulation, enforced in May 2018, aims to ensure any organization, even if not based in the EU but processing the personal data or offering goods or services to EU citizens or residents, must adhere to data protection principles like consent and data portability.
The investigation, a statement issued by CNIL, said “should make it possible to confirm that the GDPR is applicable to the company and to determine if it is ignored.”
If confirmed that the application does not comply with the GDPR, the CNIL may, if necessary, “use its own repressive powers,” which could include heavy fines.
Since the Clubhouse’s original publishing company has no establishment in the EU, CNIL said it was intervening as a lead authority in France to take a decision with regard to cross-border data processing.
Other European authorities are also working in tandem to ensure “consistent application of the GDPR” by the app.
The by-invitation app launched last April for iPhone allows users to join audio rooms led by organizers to converse with several people or to simply listen in silence. It has faced criticism over loose data protection safeguards and transmitting user’s personal data potentially allowing a third party to track actions in the app.
A petition is currently circulating in France with more than 12,000 signatures, alerting the CNIL on the possible breaches by Clubhouse on privacy laws.
“Its privacy rules state that if a person signs up, the names and numbers of all of their contacts will be uploaded to a secret database […] which can then be sold to third parties,” the petition said.